rob on Nostr: PSA: For #plebs playing around building with #nostr You should treat all front end ...
PSA: For #plebs playing around building with #nostr
You should treat all front end code (such as JavaScript) as INSECURE.
It can be manipulated or replaced in browser console by an attacker.
So any data sent to your back end server MUST be sanitized and verified.
Check the Schnorr signatures before relying on event data.
That's why Nostr events are SIGNED!